CVE-2012-2626

EXPLOITED

Plixer Scrutinizer <9.5.0 - RCE

Title source: llm

Description

cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Mario Ceballos · text · webapps · cgi
https://www.exploit-db.com/exploits/37549

metasploit · WORKING POC
by MC, Jonathan Claudius, Tanya Secker, sinn3r · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/scrutinizer_add_user.rb

Scores

EPSS 0.7598
EPSS Percentile 98.9%

Details

VulnCheck KEV 2024-10-01
CWE CWE-287
Status published
Products (1)
sonicwall/scrutinizer < 9.5.0
Published Jul 31, 2012
Tracked Since Feb 18, 2026